Secure handle for intra- and inter-processor communications
Abstract
A protocol element referred to as a secure handle is described which provides an efficient and reliable method for application-to-application signaling in multi-process and multi-computer environments. The secure handle includes an absolute memory reference which allows the kernel to more quickly and efficiently associate a network data packet with an application's communication context in the kernel.
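The issue-and-verify cycle described in the abstract and in claim 1, as an added C example that is not code from the patent. The text here does not say how the integrity check works; the per-object random check value, the fixed context pool standing in for kernel memory, and all names (`ctx_open`, `ctx_lookup`, `ctx_close`, `secure_handle`) are assumptions.

```c
/* Added illustration; names and the check-value scheme are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define POOL_SIZE 8
struct context { uint64_t cookie; int in_use; char data[32]; };
struct secure_handle { uintptr_t addr; uint64_t cookie; }; /* held by client */
static struct context pool[POOL_SIZE];   /* stands in for kernel memory */

static uint64_t fresh_cookie(void) {     /* returns 0 when no entropy */
    uint64_t c = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(&c, sizeof c, 1, f) != 1) c = 0; fclose(f); }
    return c;
}

/* Kernel side: create a context and a handle particular to it. */
static int ctx_open(const char *data, struct secure_handle *out) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (pool[i].in_use) continue;
        uint64_t c = fresh_cookie();
        if (c == 0) return -1;           /* refuse to issue a guessable handle */
        pool[i].cookie = c; pool[i].in_use = 1;
        snprintf(pool[i].data, sizeof pool[i].data, "%s", data);
        *out = (struct secure_handle){ (uintptr_t)&pool[i], c }; /* real address */
        return 0;
    }
    return -1;                           /* pool exhausted */
}

/* Kernel side: range and slot alignment are checked before any dereference. */
static struct context *ctx_lookup(struct secure_handle h) {
    uintptr_t base = (uintptr_t)pool;
    if (h.addr < base || h.addr >= base + sizeof pool) return NULL;
    if ((h.addr - base) % sizeof(struct context) != 0) return NULL;
    struct context *c = (struct context *)h.addr;
    if (!c->in_use || c->cookie != h.cookie) return NULL;
    return c;
}
/* Closing wipes the cookie, so a stale handle fails even if the slot is reused. */
static void ctx_close(struct context *c) { if (c) memset(c, 0, sizeof *c); }

int main(void) {
    struct secure_handle h;
    if (ctx_open("session-A", &h) != 0) return 1;
    printf("valid: %d\n", ctx_lookup(h) != NULL);
    ctx_close(ctx_lookup(h));
    printf("stale: %d\n", ctx_lookup(h) != NULL);
    return 0;
}
```

The address in the handle is what makes the lookup constant-time; the check value and the bounds test are what keep a client-supplied address from being trusted as a pointer.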
45 Claims
1. A computer-implemented method for enabling communication of data from a kernel of an operating system to a client, comprising the steps of:
- providing a context object that includes the data to be accessible to the client;
- providing the kernel with a secure object handle, the secure object handle including an actual address of the context object and being particular to the context object;
- sending the secure object handle from the kernel to the client over a bidirectional interface;
- receiving, from the client, the secure object handle over the bidirectional interface, indicating that the client requires access to the data in the context object, and
- checking an integrity of the secure object handle in the kernel and allowing access to the data by the client if the integrity check is successful and disallowing access to the data by the client if the integrity check is unsuccessful.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A non-transitory machine-readable medium having data stored thereon representing sequences of instructions which, when executed by a kernel of an operating system, causes the kernel to enable communication of data from the kernel to a client, by performing the steps of:
- providing a context object that includes the data to be accessible to the client;
- providing the kernel with a secure object handle, the secure object handle including an address of the context object and being particular to the context object;
- sending the secure object handle from the kernel to the client over a bidirectional interface;
- receiving, from the client, the secure object handle over the bidirectional interface, indicating that the client requires access to the data in the context object, and
- checking an integrity of the secure object handle in the kernel and allowing access to the data by the client if the integrity check is successful and disallowing access to the data by the client if the integrity check is unsuccessful.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A computer system configured to securely enable communication of data from a kernel of an operating system to a client, the computer system comprising:
- at least one processor;
- at least one data storage device coupled to the at least one processor;
- a plurality of processes spawned by the at least one processor, the processes including processing logic for;
- providing a context object that includes the data to be accessible to the client;
- providing the kernel with a secure object handle, the secure object handle including an actual address of the context object and being particular to the context object;
- sending the secure object handle from the kernel to the client over a bidirectional interface;
- receiving, from the client, the secure object handle from the client over the bidirectional interface, indicating that the client requires access to the data in the context object, and
- checking an integrity of the secure object handle in the kernel and allowing access to the data by the client if the integrity check is successful and disallowing access to the data by the client if the integrity check is unsuccessful.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45
Specification